On Wed, Nov 16, 2011 at 12:49:41PM +0000, David Woodhouse wrote: > We *have* had Cisco's IPSec over TCP working; it's not particularly > difficult. However, we never really worked out how to make it work > nicely on Linux; the kernel really *really* wants to eat all TCP packets > and will give a TCP RST to any connection it doesn't think is open. Any > mechanism to effectively operate TCP in userspace, which is what we need > to do, would be very much frowned upon. Why not use a tun/tap interface set up with a private ip address which the vpn application causes to be masqueraded by the host? That should work and be portable across all kernel versions. -ben -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
